How Enhanced Due Diligence (EDD) Works
Enhanced Due Diligence is a structured, multi-step process that activates when a customer or transaction crosses a defined risk threshold. Unlike standard customer due diligence, EDD does not have a fixed checklist — the depth of investigation is proportionate to the specific risk factors identified. The process typically unfolds across five distinct phases.
Risk Trigger Identification
A risk assessment flags the customer or transaction as high-risk. Common triggers include PEP status, residence or incorporation in a FATF high-risk jurisdiction, unusual transaction volumes, complex multi-layered ownership, or prior suspicious activity reports linked to the entity.
Expanded Identity Verification
Beyond standard know-your-customer documents, EDD requires certified copies of identity documents, proof of residential address, and — for legal entities — notarised corporate formation documents and a full beneficial ownership structure chart tracing ownership to natural persons above the applicable threshold (typically 25%).
Source-of-Funds and Source-of-Wealth Verification
The compliance team must establish not only where a specific payment originates (source of funds) but also how the customer accumulated their overall wealth (source of wealth). Evidence may include audited accounts, pay slips, inheritance documentation, or property sale records. Unverifiable sources are a hard blocker.
Adverse Media and Sanctions Screening
Automated and manual screening against global sanctions lists (OFAC, UN, EU, HMT), politically exposed person databases, and adverse media sources is mandatory. Screening must cover the customer, their ultimate beneficial owners, directors, and close associates.
Senior Management Approval and Ongoing Monitoring
EDD relationships must be approved by a senior compliance officer or management-level signatory before onboarding proceeds. Once approved, the relationship is subject to enhanced ongoing monitoring: lower transaction thresholds for automated alerts, more frequent periodic reviews (often annually or semi-annually), and prompt re-assessment if risk indicators change.
Why Enhanced Due Diligence (EDD) Matters
Weak EDD controls are among the most cited deficiencies in regulatory enforcement actions against payment firms. The financial and reputational stakes are severe, and regulators globally are increasing scrutiny of how firms implement risk-based customer oversight. Understanding the scale of financial crime underscores why EDD is not optional box-ticking.
The United Nations Office on Drugs and Crime estimates that between 2% and 5% of global GDP — approximately $800 billion to $2 trillion — is laundered annually, with payment systems being a primary conduit. In 2023 alone, global AML-related fines across banks and payment institutions exceeded $6 billion according to industry enforcement trackers, with inadequate EDD procedures cited in the majority of cases involving correspondent banking and high-risk customer failures.
Regulatory Baseline
The Financial Action Task Force (FATF) Recommendation 19 explicitly requires member countries to mandate EDD for business relationships and transactions with natural or legal persons from higher-risk countries. Over 200 jurisdictions have adopted FATF standards, making EDD a near-universal obligation for regulated payment entities.
Beyond fines, firms that fail EDD obligations face correspondent banking de-risking — losing access to USD or EUR clearing rails — which is often an existential threat for payment businesses operating cross-border.
Enhanced Due Diligence (EDD) vs. Standard CDD
Both EDD and standard CDD are components of a firm's broader anti-money laundering framework, but they differ substantially in scope, depth, and ongoing obligations. The right approach depends entirely on the risk profile of the customer.
| Dimension | Standard CDD | Enhanced Due Diligence (EDD) |
|---|---|---|
| Trigger | All new customers by default | High-risk customers, PEPs, high-risk jurisdictions |
| Identity verification | Government ID + proof of address | Certified/notarised documents, full UBO mapping |
| Source of funds | Not typically required | Mandatory, with documentary evidence |
| Source of wealth | Not required | Required for PEPs and complex wealth structures |
| Sanctions screening | Standard list check | Multi-database, including adverse media |
| Approval requirement | Standard compliance sign-off | Senior management sign-off mandatory |
| Ongoing monitoring | Periodic review (e.g., every 3 years) | Enhanced monitoring, annual or more frequent review |
| Record retention | 5 years (typical) | 5–10 years, jurisdiction-dependent |
| Regulatory basis | FATF Rec. 10, local AML laws | FATF Rec. 12, 13, 19; EU AMLD Articles 18–24 |
Types of Enhanced Due Diligence (EDD)
EDD is not a single procedure — it encompasses several distinct variants, each designed for a specific risk category. Compliance teams must apply the appropriate EDD type based on the risk trigger identified.
PEP-Specific EDD targets individuals who hold or have recently held prominent public functions — heads of state, senior politicians, military officials, judicial figures — and their immediate family members and close associates. This variant requires additional declarations about the nature of the public role and the source of any wealth accumulated during or around the period of public office.
Correspondent Banking EDD applies when a regulated institution establishes a relationship with a foreign financial institution to process transactions on its behalf. This is among the highest-risk relationship types and requires assessment of the respondent institution's AML controls, ownership structure, and regulatory standing in its home jurisdiction.
Jurisdiction-Based EDD is triggered when a customer is incorporated in, resident in, or conducting significant business with a country on a high-risk list (FATF grey/black list, EU high-risk third country list, or firm-specific internal lists). The EDD scope scales with the severity of the jurisdiction risk classification.
Transaction-Level EDD applies to specific transactions rather than the customer relationship overall — for example, large cash-equivalent transactions, complex multi-leg fund flows, or payments with no apparent economic rationale. This variant may be triggered mid-relationship by transaction monitoring alerts.
Best Practices
Applying EDD effectively requires alignment between compliance policy, operational processes, and technology infrastructure. Gaps in any layer create regulatory exposure.
For Merchants
Merchants operating in sectors that attract EDD scrutiny — cross-border commerce, digital goods, subscription businesses with high chargeback exposure — should proactively prepare EDD documentation packages before approaching payment providers. Delays in supplying source-of-funds evidence are among the most common causes of onboarding failures. Maintain audited accounts, corporate structure diagrams, and ownership documentation in a readily accessible compliance data room. If your business structure involves holding companies or nominee directors, obtain legal opinion letters that explain the rationale — unexplained complexity is a red flag for any compliance reviewer.
For Developers
When building onboarding flows for payment platforms, design data collection forms to capture EDD-required fields conditionally — triggered by risk scoring logic rather than asked of every user. Integrate with specialist identity verification and adverse media providers via API to automate the screening layer. Ensure document storage is encrypted at rest with access controls that create an audit trail, since regulators may request evidence that EDD records were handled securely. Build periodic review workflows into your compliance tooling so enhanced monitoring does not lapse when customer risk profiles change over time.
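The sketch below is an added example, not code from any platform named on this page. It shows risk-triggered field collection combined with an approval gate that logs every sign-off attempt. The trigger names, field names, role string, the two-layer ownership cut-off and the placeholder country codes are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample data: placeholder country codes and field names.
HIGH_RISK_JURISDICTIONS = {"XX", "YY"}
BASE_FIELDS = ["government_id", "proof_of_address"]
EDD_FIELDS = {
    "pep": ["public_role_declaration", "source_of_wealth_evidence"],
    "high_risk_jurisdiction": ["certified_id_copy", "source_of_funds_evidence"],
    "complex_ownership": ["notarised_formation_docs", "ubo_structure_chart",
                          "source_of_funds_evidence"],
}

@dataclass
class Applicant:
    applicant_id: str
    country: str
    is_pep: bool = False
    ownership_layers: int = 1  # legal-entity layers above the applicant

def risk_triggers(a: Applicant) -> list[str]:
    """Return the EDD triggers that apply; an empty list means standard CDD."""
    checks = [("pep", a.is_pep),
              ("high_risk_jurisdiction", a.country in HIGH_RISK_JURISDICTIONS),
              ("complex_ownership", a.ownership_layers > 2)]
    return [name for name, hit in checks if hit]

def required_fields(a: Applicant) -> list[str]:
    """Base KYC fields plus only the EDD fields the triggers call for."""
    fields = list(BASE_FIELDS)
    for trigger in risk_triggers(a):
        fields += [f for f in EDD_FIELDS[trigger] if f not in fields]
    return fields

@dataclass
class OnboardingCase:
    applicant: Applicant
    audit_log: list = field(default_factory=list)

    def approve(self, approver_id: str, role: str) -> bool:
        """Approve onboarding; EDD cases need a senior role. Every attempt is logged."""
        triggers = risk_triggers(self.applicant)
        allowed = not triggers or role == "senior_compliance"
        self.audit_log.append({
            "at": datetime.now(timezone.utc).isoformat(), "approver": approver_id,
            "role": role, "triggers": triggers, "allowed": allowed})
        if not allowed:
            raise PermissionError("EDD case requires senior compliance sign-off")
        return True
```

Because the denied attempt is written to the log before the exception is raised, the audit trail shows analyst-level approval attempts on EDD cases as well as the eventual senior sign-off.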
Common Mistakes
Even well-resourced compliance teams make predictable errors when implementing EDD. These mistakes are consistently cited in regulatory enforcement actions.
Applying EDD as a one-time check. EDD is an ongoing obligation. A PEP who passes onboarding EDD in year one must still be reviewed when their risk profile changes — for example, if they assume a new public role, appear in adverse media, or significantly increase transaction volumes. Treating EDD as a point-in-time exercise rather than a continuous process is a fundamental compliance failure.
Incomplete beneficial ownership mapping. Ownership tracing that stops at the first legal entity layer, rather than following the chain to the natural persons who ultimately own or control the business, is incomplete. Many financial crime schemes use multi-layered corporate structures precisely to obscure beneficial ownership, so EDD must trace the chain all the way.
Over-relying on customer self-certification. Accepting a customer's declaration of source of funds without independent verification is insufficient under most regulatory frameworks. EDD requires corroborating evidence — bank statements, tax returns, company accounts — not just a signed form.
Failing to document the risk rationale. Regulators do not just assess whether EDD was done — they assess whether the firm understood why EDD was triggered and whether the response was proportionate. Undocumented risk reasoning is treated as absent reasoning.
Inconsistent senior management sign-off. EDD policies that require senior management approval but allow compliance analysts to approve in practice — without a formal escalation trail — fail the intent of the requirement. Approval workflows must be auditable.
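As an added illustration of the beneficial ownership mistake above (not code from the original page), the following traces a layered structure down to natural persons and refuses to return a result while any legal entity in the chain has no recorded owners. It assumes indirect ownership is the product of the stakes along each path, summed across paths, which is one common convention and not a rule stated on this page. All entity names and stakes are constructed.

```python
from fractions import Fraction as F

THRESHOLD = F(25, 100)  # "typically 25%"; the applicable value varies

# Constructed sample data: hypothetical entities and stakes.
PERSONS = {"Alice", "Bob", "Carol", "Dave"}
OWNERS = {  # entity -> [(direct owner, stake held in that entity)]
    "MerchantCo": [("HoldCo A", F(60, 100)), ("HoldCo B", F(40, 100))],
    "HoldCo A": [("Alice", F(50, 100)), ("Trust X", F(50, 100))],
    "HoldCo B": [("Alice", F(10, 100)), ("Bob", F(50, 100)), ("Dave", F(40, 100))],
    "Trust X": [("Carol", F(1))],
}

def trace(entity, owners, persons, share=F(1), path=()):
    """Return (person -> effective share, untraced entity -> share)."""
    if entity in path:
        raise ValueError(f"circular ownership at {entity}")
    if entity in persons:
        return {entity: share}, {}
    if entity not in owners:
        return {}, {entity: share}  # legal entity with no recorded owners
    people, gaps = {}, {}
    for owner, stake in owners[entity]:
        p, g = trace(owner, owners, persons, share * stake, path + (entity,))
        for name, s in p.items():
            people[name] = people.get(name, 0) + s
        for name, s in g.items():
            gaps[name] = gaps.get(name, 0) + s
    return people, gaps

def beneficial_owners(entity, owners, persons):
    """Natural persons strictly above THRESHOLD; fails if the chain is incomplete."""
    people, gaps = trace(entity, owners, persons)
    if gaps:
        raise ValueError(f"not traced to natural persons: {sorted(gaps)}")
    return {name: s for name, s in people.items() if s > THRESHOLD}
```

In the sample, a first-layer view shows only two holding companies. The full trace shows Alice at 34% (30% via HoldCo A plus 4% via HoldCo B) and Carol at 30% through a trust two layers down, while Bob (20%) and Dave (16%) fall below the threshold.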
Enhanced Due Diligence (EDD) and Tagada
Tagada operates as a payment orchestration layer, routing transactions across multiple acquiring banks and payment processors. Because Tagada sits in the flow of funds and facilitates merchant onboarding, EDD requirements are directly relevant to how the platform manages high-risk merchant relationships and ensures compliance across its network.
EDD in Orchestration Contexts
Payment orchestration platforms that onboard merchants must apply EDD to high-risk merchant categories — adult content, nutraceuticals, travel, crypto off-ramps — before routing their transactions. Tagada's compliance layer enables risk-tiered onboarding workflows, ensuring EDD documentation requirements are enforced at the merchant acquisition stage and that enhanced monitoring flags are carried through to transaction routing rules.
For developers integrating with Tagada, the platform's merchant onboarding API supports conditional EDD document collection flows and integrates with downstream compliance screening services, reducing the engineering overhead of building EDD-compliant workflows from scratch.